Twitter Vulnerability Could Delete Credit Cards from Any Twitter Account


Today I will write about a serious vulnerability I’ve found recently in Twitter.
So let me share the story with you.

The story started when I saw Twitter introducing their new bug bounty program and starting to pay money rewards; I decided to look for new bugs in Twitter and get paid.

At the first moment of hunting I successfully found a CSRF vulnerability that can add many followers in a single request and bypass the CSRF token protection, but unfortunately it was a duplicate issue.

I started looking again for some more critical bugs and successfully found a serious logical vulnerability [insecure direct object reference] in ads.twitter.com that allowed me to delete credit cards from any Twitter account.

The impact of the vulnerability was very critical and high because all that’s needed to delete a credit card is to have the credit card identifier, which consists only of 6 numbers such as “220152”.

Read more on Security Geek. According to Ahmed, he reported the vulnerability to Twitter’s Security Team, who addressed the issue within two days.
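As an added illustration of the bug class described above (not code from Ahmed's post or from Twitter): a minimal Python model of a delete-credit-card handler that trusts the six-digit card identifier alone, beside one that checks the authenticated account owns the card. Account names and the card store are constructed sample data.

```python
# Added example (not from the post or Twitter's code): the IDOR pattern the post
# describes beside a handler that enforces ownership. All data is constructed.
from dataclasses import dataclass, field


@dataclass
class Card:
    card_id: str   # six-digit identifier, as described in the post
    owner: str     # account that added the card


@dataclass
class CardStore:
    cards: dict = field(default_factory=dict)

    def add(self, card: Card) -> None:
        self.cards[card.card_id] = card

    def delete_vulnerable(self, actor: str, card_id: str) -> bool:
        """IDOR: the id alone selects the record; the logged-in actor is
        never compared to the card's owner, so any account can delete
        any card whose six-digit id it knows or guesses."""
        return self.cards.pop(card_id, None) is not None

    def delete_secure(self, actor: str, card_id: str) -> bool:
        """Ownership check keyed on the authenticated account. A card that
        is not the actor's is treated as non-existent, so the response does
        not reveal whether a guessed id is in use."""
        card = self.cards.get(card_id)
        if card is None or card.owner != actor:
            return False
        del self.cards[card_id]
        return True


def build_sample_store() -> CardStore:
    # Constructed sample data: two accounts, one card each.
    store = CardStore()
    store.add(Card("220152", "alice"))
    store.add(Card("220153", "bob"))
    return store


def demo() -> tuple:
    """Return (vulnerable_result, secure_result, cards_left_in_secure_store)
    for a third account trying to remove alice's card via each handler."""
    vuln = build_sample_store()
    vuln_deleted = vuln.delete_vulnerable("mallory", "220152")
    safe = build_sample_store()
    safe_deleted = safe.delete_secure("mallory", "220152")
    return vuln_deleted, safe_deleted, sorted(safe.cards)
```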
